Is the Microsoft 365 security score calculator free?

Yes. The questionnaire is free and the result is shown on screen. You can optionally request a written breakdown by email, with no obligation to engage further.

How long does it take to complete?

Most teams finish in five to ten minutes. The 24 questions cover identity, email, endpoint, data protection, threat protection, governance and monitoring.

Do I need to sign in to my Microsoft 365 tenant?

No. The calculator never connects to your tenant. It is a self-assessment based on what your team already knows about how Microsoft 365 is configured.

Is this a Cyber Essentials Plus readiness check?

It is a Microsoft 365 control posture indicator, not a formal assessment. Many of the controls overlap with Cyber Essentials Plus expectations, so a low score usually predicts Cyber Essentials Plus findings.

What happens after I submit my details?

If you opt in to contact, you receive a written summary of your score and the highest-impact gaps. There is no automated drip campaign or open-ended follow-up sequence.

M365 score

Microsoft 365 Security Score Calculator

No tenant login, no Microsoft access, and no admin consent. Answer 24 questions across 7 control areas to get a free view of your Microsoft 365 security posture, biggest risks, and practical next steps.

0 of 24 answered0%

Identity & Access

Is phishing-resistant or strong MFA enforced for every admin account?Is legacy authentication blocked across Exchange and Entra ID?Do break-glass accounts exist with documented monitoring and exclusions?Are Conditional Access policies documented, tested and owned?

Email & Collaboration

Are Defender for Office 365 policies configured beyond defaults?Are external forwarding and risky inbox rules reviewed?Is Teams, SharePoint and OneDrive external sharing reviewed regularly?

Endpoint

Are work devices enrolled and visible in Intune or another MDM?Do compliance policies gate access to sensitive Microsoft 365 data?Is Defender for Endpoint onboarded and reporting for all endpoints?Are local admin rights and elevation exceptions controlled?

Data Protection

Are sensitivity labels or equivalent handling rules in use?Are DLP policies active for the data that matters most?Has Copilot or third-party AI exposure been checked against permissions?

Threat Protection

Is Microsoft Secure Score used as a backlog rather than a vanity KPI?Is there a simple phishing and account-takeover response runbook?Are risky OAuth apps, app consent and stale enterprise apps reviewed?

Governance & Compliance

Are privileged roles reduced and reviewed?Can you produce evidence for MFA, patching, device and access controls?Are tenant changes approved and logged before rollout?Can internal IT or an MSP keep the controls running after changes?

Monitoring & Audit

Are audit logs enabled and retained for the investigation window you need?Does someone own Defender, Entra and Microsoft 365 alert triage?Is there a monthly control review for exceptions, drift and stale access?

What the calculator checks

The score covers identity and access, email and collaboration, endpoint management, data protection, threat protection, governance, and audit readiness. It is designed for UK teams using Entra ID, Intune, Defender, Exchange, SharePoint, and Cyber Essentials controls.

How to read your score

A higher score means fewer obvious control gaps. The result is not a certification or penetration test, but it helps show where Microsoft 365 hardening work should start before an audit, renewal, or clean-up.

What to do next

Use the quick wins to fix urgent exposure, then compare the result with your Cyber Essentials readiness and operational risk. For hands-on help, see IT consultancy, review proof, or contact Magrathean.

Score bands

Common questions

Is the Microsoft 365 security score calculator free?: Yes. The questionnaire is free and the result is shown on screen. You can optionally request a written breakdown by email, with no obligation to engage further.
How long does it take to complete?: Most teams finish in five to ten minutes. The 24 questions cover identity, email, endpoint, data protection, threat protection, governance and monitoring.
Do I need to sign in to my Microsoft 365 tenant?: No. The calculator never connects to your tenant. It is a self-assessment based on what your team already knows about how Microsoft 365 is configured.
Is this a Cyber Essentials Plus readiness check?: It is a Microsoft 365 control posture indicator, not a formal assessment. Many of the controls overlap with Cyber Essentials Plus expectations, so a low score usually predicts Cyber Essentials Plus findings.
What happens after I submit my details?: If you opt in to contact, you receive a written summary of your score and the highest-impact gaps. There is no automated drip campaign or open-ended follow-up sequence.